Results of the Remote Signature Survey 2023

As it is by now almost five years ago that the first version of ETSI TS 119 432 (“Protocols for remote digital signature creation”) was published, the experts from ETSI ESI, OASIS DSS-X, Cloud Signature Consortium (CSC) and go.eIDAS have joined forces in order to set up a short survey, which aimed at identifying existing implementations of ETSI TS 119 432 and providing an overview of existing Remote Signature services.

Note, that these services may play a crucial role within the practical implementation of the forthcoming Art. 6a (4) (ec) eIDAS2, which stipulates that the European Digitial Identity Wallet (EUDIW) shall offer the ability to create qualified electronic signatures free of charge for non-professional purposes.

Remote Signature Survey 2023

This survey has been carried out in the last quarter of 2023 and was answered by 30 organisations listed below, among almost all provide Remote Signature services.

The main results of the survey may be summarised as follows:

  • 17 % (5) of the Remote Signature Services are compliant to ETSI TS 119 432 v1.2.1, whereas 13 % (4) have chosen to implement the variant based on the CSC-API and 3 % (1) is based on the OASIS-API.
  • 60 % (18) of the Remote Signature Services provide an API, which is similar to the ETSI-API, whereas 47 % (14) are based on the CSC-API, 7 % (2) are based on the OASIS-API and 7% (2) are based on some other API. Note, that several respondents, which support the CSC-variant, have indicated that they are supporting version 0.4.0 or even 2.0.0.2 of this specification, while ETSI 119 432 v1.2.1 is refering to version 1.0.3.0 of the CSC-API-specification and hence ETSI TS 119 432 may need to be updated accordingly.
  • 3 % (1) of the Remote Signature Service providers plan to support the ETSI-API in the near future and
  • 20 % (6) do not plan to support a standardised API at all.

Remote Signature Survey Result

While almost all participants in the survey prefer to keep pricing information confidential, there were some figures provided: One respondent indicated a price of 120 € per year for qualified electronic signatures and 400 € for advanced electronic seals. Another respondent mentioned a monthly fee of 200 € for accessing the remote signature interface. Yet another respondent mentioned a range from 0 to 0,50 € per advanced electronic signature and 0 to 2,50 € per qualified electronic signature. Sample costs for identification have been provided for 2,50 € with eID, 7,50 € with VideoIdent and 3,50 € with AutoIdent. Only one respondent shared a price list for remote signature services, which is based on transaction fees and a minimum number of transactions, but this pricing is only valid in selected EU Member States.

We thank the following organisations for participating in the survey:

eIDAS-Signer launched

The EU-funded mGov4EU project follows a citizen-centric approach to enable secure and privacy-friendly mobile government services across Europe. Among the project results is the novel eIDAS-Signer service (https://Signer.eID.AS), which allows to use electronic identification (eID) means, such as the German eID or ID Austria, for the creation of advanced or qualified electronic signatures in a mobile environment.

There are currently 32 (pre-) notified eID-Schemes in Europe. Furthermore there are currently 260 Qualified Trust Service Providers (QTSPs), among which 189 issue qualified certificates for electronic signature purposes. Against this background the mGov4EU project has assembled leading European experts from government, business and science located in Austria, Belgium, Estonia, Germany, and Spain in order to design the next generation service infrastructure for Europe and develop innovative services on this basis.

This especially bridges the gap between the “eID” part and the “AS” (trust services) part of the eIDAS regulation in order to enable trustworthy, mobile and citizen-centric electronic business and cross-border government processes all over Europe.

mGov4EU bridges the gap between eID and AS for mobile citizen

An important result of the mGov4EU project is the novel and community-driven eIDAS-Signer service, which is available at https://Signer.eID.AS and allows to create advanced or qualified electronic signatures after suitable electronic identification processes in a mobile environment.

Welcome to the eIDAS-Signer

The eIDAS-Signer service has been co-designed with a variety of experts within the open eIDAS community, assembled around the non-profit go.eIDAS e.V., and has been developed and is operated by ecsec GmbH in a certified environment to provide an easy to use and SME-suitable alternative to already existing, but purely commercially oriented offerings, which are typically provided by multi-national enterprises.

While the eIDAS-Signer service currently only supports ID Austria and the German eID, it is an obvious goal to support the other notified eID-Schemes and more QTSPs as depicted below.

Please feel free to reach out to the open eIDAS community to get support, suggest improvements or new features as well as priorities for further development.

We gratefully acknowledge that the eIDAS-Signer builds upon components and services, which have been developed within research projects supported by the European Commission (FutureTrust and mGov4EU) and the German Ministry of Economic Affairs and Climate Action (SkIDentity and TEAM-X).

The triple is completed: The German ID card can now be used in Nextcloud, WordPress and TYPO3 for strong authentication free of charge!

The strong authentication by means of the German ID card for all TYPO3 applications completes the triple of eID logins for Nextcloud, WordPress and TYPO3 realised by ecsec GmbH on behalf of the Federal Office for Information Security (BSI). In the last few weeks, three eID Login Services for web applications that are particularly popular have been developed and published under an Open Source license. In connection with the SkIDentity service, the German eID card can now be used free of charge in all these web applications for strong authentication.

Underline: The German ID card can now be used in Nextcloud, WordPress and TYPO3 for strong authentication free of charge!

Strong Authentication with German eID Card reaches public

The German eID Card (“Personalausweis”) with online ID function, which has been notified at the highest possible level of assurance (“high”) in accordance with the eIDAS-Regulation, can be used by all citizens for electronic identification (eID) and for strong pseudonymous authentication on the Internet. Until now, this has been used in a range of special applications mostly in the government sector. With the eID Login Services developed by ecsec GmbH on behalf of the BSI, it is now possible to use the German eID Card with online ID function in the popular web applications Nextcloud, WordPress und TYPO3 for strong authentication.

The early and consequent consideration of relevant security aspects according to the „Security by Design“ principle and the publication of the “eID-Login” extensions as Open Source ensure that a very high level of trustworthiness is achieved

„eID-Login“ App for Nextcloud

Nextcloud offers the industry-leading Open Source Cloud Solution for on-premises data processing and communication. The platform combines universal data access via mobile and desktop web interfaces with innovative, secure communication and collaboration functions such as document processing in real time, chat and video calls – and all of this under the direct control of IT and can be integrated into existing infrastructures. With its easy and fast deployment, modular architecture and focus on security and efficient collaboration, Nextcloud enables modern companies to optimize their existing file storage facilities inside and outside the boundaries of their company. Based on the “eID-Login” App for Nextcloud developed by ecsec GmbH on behalf of the BSI, it is now possible to use the German ID card with online ID function in this popular cloud solution for strong authentication. “It is great to see Nextcloud as the first mainstream platform with support for the German eID Card for strong authentication and identification,” adds Frank Karlitschek, founder and managing director of Nextcloud GmbH. “We look forward to many users of this innovative authentication technology.”

„eID-Login“ Plugin for WordPress

WordPress was originally a software for weblogs and has now developed into a full-fledged Content Management System (CMS) based on PHP and MySQL for creating and maintaining websites. A large percentage of all German websites are implemented on the basis of the freely available and market-leading WordPress Content Management System (CMS). Against this background, ecsec GmbH developed on behalf of the BSI an „eID-Login“ Plugin for WordPress, with which the German eID card with online ID can now be used for strong authentication. “This means that the electronic identity can be activated and used immediately in around 40% of all German websites,” explains Dr. Detlef Hühnlein Managing Director of ecsec GmbH.

„eID-Login“ Extension for TYPO3

TYPO3 is a free and flexible Open Source Content Management System that is very well suited for professional website creation. About half of the German DAX companies and about a quarter of all German cities have set up their websites with TYPO3. In order to use the German ID card for strong authentication of frontend users in TYPO3, ecsec GmbH has developed an “eID-Login” extension for TYPO3 on behalf of the BSI. “It is great that the German eID card with online ID function can now also be used in TYPO3 for strong authentication”, adds Tina Hühnlein Managing Director of ecsec GmbH.

Cooperation between BSI and ecsec GmbH enables free https://eID.Services

So that the German eID Card can be used immediately and free of charge for strong authentication in Nextcloud, WordPress and TYPO3 the SkIDentity service, which has won multiple international awards, is also provided for strong authentication free of charge as part of the joint project. In addition to the free authentication service, the eID experts at ecsec GmbH also offer additional support services for hosting providers and application developers (see https://eID.Services) so that the “eID-Login” functionality can easily be integrated and used in other Open Source applications as well.

 

Galactic praise for the German electronic Identity Card (“Personalausweis”)

In order to discuss the draft of a “Law for the Promotion of Electronic Identification” (BT-Drs. 18/11279) on Monday, April 24, 2017, an apparently widely perceived¹ hearing of the Committee for Internal affairs of the German parliament (“Bundestag”) took place. Everybody who was not able to be in Berlin on this memorable day, can see the recording of the expert hearing in the media library of the Bundestag. For those who do not wish to view the entire meeting, we have provided the most interesting section here:

Dr. Constanze Kurz, the spokeswoman of the Chaos Computer Club explains the following about the German electronic ID card:

“The basic concept of its technical nature is complex and certainly difficult to understand for the ordinary citizen who now gets this activated chip, but of course very well designed and a good solution.”

We always knew it! There is nothing more to say. It is an open question whether the eID function of the ID card still needs legal support after this most likely largest possible galactic² praise.

¹ As explained in the FAQ, the Chaos Computer Club „is a galactic community of creatures, regardless of age, gender and descent, as well as social status“.

² See e.g. ZEIT, Focus, NETZPOLITIK, Berliner Zeitung, Frankfurter Rundschau, Heise, Kommune21, eGovernment-Computing, Computer Base

SkIDentity uses certified Open eCard App

[Michelau, January 12th 2016] SkIDentity uses the new version of the Open eCard App, which has recently be certified by the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) according to its technical guideline BSI TR-03124 (eID-Client). The certificate, which has been awarded the very first time to an Open Source component and without any failures in the conformity report, is valid until December 8th 2020 and enables the trustworthy use of electronic identity (eID) cards and other smart cards in SkIDentity with Linux, Mac OS and Windows.

Platform-independent and lightweight eID-Client for SkIDentity

Thanks to the constructive cooperation of industrial and academic experts within the Open eCard project, a lightweight and platform-independent Open Source implementation of the “eCard-API-Framework” according to BSI TR-03112 was created, which supports various smart cards for electronic identity, health, signatures and banking from Germany, Austria, Estonia and Belgium for example. Based on this framework a user-friendly eID-Client according to BSI TR-03124 – also known as the “Open eCard App” – was created, which now has been certified by the BSI. Because of the modular architecture based on the international standard ISO/IEC 24727, the Open eCard App can easily be extended and smoothly integrated into modern web applications such as SkIDentity.

With continuous improvement and strict Quality Management to the BSI TR-03124 certificate without conformity failures

To ensure the conformity to the relevant technical specifications of the BSI and a high level of quality, the Bavarian State Ministry of Finance started the certification process according to BSI TR-03124 for the Open eCard App in 2014. Thanks to continuous improvement and a strict Quality Management system based on international standards such as ISO/IEC 9001 and ISO/IEC 90003 and utilizing the Open Source eID-Client-Testbed of the BSI, the current version 1.2 of the Open eCard App now has been formally certified by the BSI. Note, that it is the first time ever that an Open Source eID-Client received a certificate according to
BSI TR-03124. „We are particularly proud of the fact, that the test report shows that there are no conformity failures, „Open eCard Project Maintainer“ Tobias Wich complements. „On the one hand this underlines the high quality of the Open eCard software and on the other hand it creates further trust and confidence for the German eID card and similar smart cards.“

„As shown by the example of ‚SkIDentity‘, the secure, extensible and user-friendly Open eCard App has already several times formed the basis of distinguished and awarded systems solutions“, replenished Dr. Detlef Hühnlein, CEO of ecsec GmbH and head of the SkIDentity project. „We are delighted, that a first result of our work now is not only awarded, but also certified.“